| This example shows how to connect to a JSR 160 RMIConnectorServer over SSL.
An RMI client that has been setup to use SSL must know the X509 certificate
corrispondent to the private key used by the server to encrypt the communication.
This X509 certificate is usually distributed by the server to the clients, that should
import it into a 'trust store'.
This trust store can be the JDK's one ($JRE_HOME/lib/security/cacerts) or a custom one.
In both cases the import operation can be achieved by using JDK's keytool utility.
Here is the command to create a custom trust store containing the X509 certificate
from a certificate file 'myserver.cer' distributed by the server:
keytool -import -v -file myserver.cer -storepass storepwd -keystore trust.store -noprompt
When using a custom trust store, the system property javax.net.ssl.trustStore
must point to the file path of the trust store.
If instead the X509 certificate has been imported into the JDK's default trust store,
then it is not necessary to specify the javax.net.ssl.trustStore system
property.
This example is meant to show the usage of the JSR 160 API: it is not an example of how to
setup a secure environment.
Please refer to the JDK documentation about usage of keytool, to the JCE and JSSE documentation
and to a good book on Java security before porting these examples to a real environment that
must be secured.
You know what I mean :-)
version:
$Revision: 1.1 $ |
